# CIS 1.5.1 Ensure core dumps are restricted (Scored)
#
# Description
# ===========
#
# A core dump is a file holding the memory image of a process, normally written
# when the process terminates abnormally and used to work out why it aborted.
# Because it is a copy of process memory, it can also expose confidential data
# the process was holding (passwords, keys, session tokens). The system lets a
# soft limit be set for core dump size, but a user can raise a soft limit (for
# example with ulimit -c) up to the hard limit, so a soft limit on its own does
# not stop core files from being written.
| # |
# Rationale
# =========
#
# Setting a hard core limit of 0 prevents unprivileged users from raising the
# soft limit; only a privileged process can raise a hard limit. If core dumps
# are required for specific workloads, scope the limit to a user or group
# instead of '*' (see limits.conf(5)). In addition, setting fs.suid_dumpable to
# 0 stops processes that have changed credentials (setuid/setgid) from dumping
# core, which matters because such a dump can contain data belonging to a more
# privileged user.
| # |
# Audit
# =====
#
# Run the following commands and verify output matches:
#
# # grep "hard core" /etc/security/limits.conf /etc/security/limits.d/*
# * hard core 0
# # sysctl fs.suid_dumpable
# fs.suid_dumpable = 0
#
# Review every match, not just the first: files in limits.d are read after
# limits.conf, so a later entry such as "* hard core unlimited" or a per-user
# or per-group line relaxes the limit even though the line above is present.
# Entries separated by tabs will not match the single-space pattern; use
# grep -E 'hard[[:space:]]+core' if in doubt. The sysctl command reports the
# live kernel value; also check /etc/sysctl.conf and /etc/sysctl.d/* so the
# value is not reset by a later file on reboot.
| # |
# Remediation
# ===========
#
# Add the following line to the /etc/security/limits.conf file or a
# /etc/security/limits.d/* file:
#
# * hard core 0
#
# Set the following parameter in the /etc/sysctl.conf file (or a file under
# /etc/sysctl.d/):
#
# fs.suid_dumpable = 0
#
# Run the following command to set the active kernel parameter (the file
# entry above is what makes the setting persistent; sysctl -w alone does not
# survive a reboot):
#
# # sysctl -w fs.suid_dumpable=0
#
# Scope caveat: limits.conf is enforced by pam_limits for PAM login sessions
# only. Daemons started by systemd do not pass through PAM, so where core
# dumps must also be blocked for services, set DefaultLimitCORE=0 in
# /etc/systemd/system.conf (or a drop-in) as well.

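---
# CIS 1.5.1 - restrict core dumps. Two controls are declared here:
#   * a hard RLIMIT_CORE of 0 for every login session (applied by pam_limits),
#     so users cannot raise the soft limit and write core files, and
#   * fs.suid_dumpable = 0, so processes that changed credentials (setuid /
#     setgid) never dump core regardless of the per-process limit.
#
# NOTE(review): the nesting below assumes the linux:system:{limit,kernel}
# layout of the consuming formula - confirm against its schema before use.
# NOTE(review): pam_limits only covers PAM sessions; services started by
# systemd do not pass through it. If core dumps must also be blocked for
# daemons, DefaultLimitCORE in /etc/systemd/system.conf (or a drop-in) is the
# place to do it - this entry alone does not reach them.
parameters:
  linux:
    system:
      limit:
        cis:
          enabled: true
          # '*' means every user; quoted because a bare * is a YAML alias sigil.
          domain: '*'
          limits:
            # Hard limit: only a privileged process can raise it again.
            - type: 'hard'
              item: 'core'
              value: 0
      kernel:
        sysctl:
          # 0 = never dump core for processes that changed credentials.
          # Some distributions ship 2 (used by crash-reporting agents); check
          # the live value with `sysctl fs.suid_dumpable` after applying.
          fs.suid_dumpable: 0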